Digital content management system and apparatus

ABSTRACT

There are provided a digital content management apparatus which further embodies a digital content management apparatus used with a user terminal, and a system which protects the secrets of a digital content. The system and the apparatus are a real time operating system using a microkernel, which is incorporated in the digital content management apparatus as an interruption process having high priority. When a user uses the digital content, whether there is an illegitimate usage or not, is watched by interrupting the usage process. In the case where illegitimate usage is carried out, a warning is given or the usage is stopped. The decryption/re-encryption functions of the digital content management apparatus having the decryption/re-encryption functions are not restricted to the inside of the user apparatus. By providing the decryption/re-encryption functions between the networks, the exchange of secret information between different networks is secured. By using this apparatus for converting a crypt algorithm, information exchange is made possible between systems which adopt different algorithms.

CROSS-REFERENCE TO RELATED APPLICATIONS

This is a continuation-in-part of prior U.S. patent application Ser. No. 08/549,270 filed on Oct. 27, 1995 ABN and prior U.S. patent application Ser. No. 08/573,958 filed on Dec. 13, 1995, now U.S. Pat. No. 5,740,246, all of which are commonly assigned to the assignee of the present invention.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a system for managing digital content, specifically for managing a copyright of digital content claiming the copyright and for securing secrecy of digital content, and also relates to an apparatus implementing the system.

2. Background Art

In information-oriented society of today, a database system has been spread in which various data values having been stored independently in each computer so far are mutually used by computers connected by communication lines.

The information handled by the prior art database system is classical type coded information which can be processed by a computer and has a small amount of information or monochrome binary data like facsimile data at most. Therefore, the prior art database system has not been able to handle data with an extremely large amount of information such as a natural picture and a motion picture.

However, while the digital processing technique for various electric signals develops, development of the digital processing art has shown progress for a picture signal other than binary data having been handled only as an analog signal.

By digitizing the above picture signal, a picture signal such as a television signal can be handled by a computer. Therefore, a “multimedia system” for handling various data handled by a computer and picture data obtained by digitizing a picture signal at the same time is recognized as a future technique.

Because hitherto widely-spread analog content is deteriorated in quality whenever storing, copying, editing, or transmitting it, copyright issues associated with the above operations have not been a large problem. However, because digital content is not deteriorated in quality after repeatedly storing, copying, editing, or transmitting it, the control of copyrights associated with the above operations is a large problem.

Because there is not hitherto any exact method for handling a copyright for digital content, the copyright is handled by the copyright law or relevant contracts. Even in the copyright law, compensation money for a digital-type sound- or picture-recorder is only systematized.

Use of a database includes not only referring to the contents of the database but also normally effectively using the database by storing, copying, or editing obtained digital content. Moreover, it is possible to transmit edited digital content to another person via on-line by a communication line or via off-line by a proper recording medium. Furthermore, it is possible to transmit the edited digital content to the database to enter it as new digital content.

In an existing database system, only character data is handled. In a multimedia system, however, audio data and picture data which are originally analog content are digitized to a digital content and formed into a database in addition to the data such as characters which have been formed into a database so far.

Under the above situation, how to handle a copyright of digital content formed into a database is a large problem. However, there has not been adequate copyright management means for solving the problem so far, particularly copyright management means completed for secondary utilization of the digital content such as copying, editing, or transmitting of the digital content.

Although digital content referred to as “software with advertisement” or as freeware is, generally, available free of fee, it is copyrighted and its use may be restricted by the copyright depending on the way of use.

In view of the above, the inventor of the present invention has made various proposals thus far in order to protect a copyright of the digital content. In GB 2269302 and U.S. Pat. No. 5,504,933, the inventor has proposed a system for executing copyright management by obtaining a permit key from a key management center through a public telephone line, and has also proposed an apparatus for that purpose in GB 2272822. Furthermore, in EP 677949 and in EP 704785, a system has been proposed for managing the copyright of the digital content.

In these systems and apparatus, those who wish to view encrypted programs request to view a program using a communication device to a management center via a communication line, and the management center transmits a permit key in response to the request for viewing, and charges and collects a fee.

Upon receipt of the permit key, those who wish to view the program send the permit key to a receiver either by an on-line or an off-line means and the receiver, which has received the permit key, decrypts the encrypted program according to the permit key.

The system described in EP 677949 uses a program and copyright information to manage a copyright in addition to a key for permitting usage in order to execute the management of a copyright in displaying (including process to sound), storing, copying, editing, and transmitting of the digital content in a database system, including the real time transmission of digital picture content. The digital content management program for managing the copyright watches and manages to prevent from using the digital content outside the conditions of the user's request or permission.

Furthermore, EP 677949 discloses that the digital content is supplied from a database in an encrypted state, and is decrypted only when displayed and edited by the digital content management program, while the digital content is encrypted again when stored, copied or transmitted. EP 677949 also describes that the digital content management program itself is encrypted and is decrypted by the permit key, and that the decrypted digital content management program performs decryption and encryption of the digital content, and when usage other than storing and displaying of the digital content is executed, the copyright information is stored as a history, in addition to the original copyright information.

In U.S. patent application Ser. No. 08/549,270 and EP 0715241 relating to the present application, there is proposed a decryption/re-encryption apparatus having configuration of a board, PCMCIA card or an IC card for managing the copyright, and a system for depositing a crypt key. Also, a reference is made to apply the copyright management method to a video conference system and an electronic commerce system.

In U.S. patent application Ser. No. 08/549,271 and EP 709760, a system has been proposed wherein the protection of an original digital content copyright and an edited digital content copyright in case of the edited digital content using a plurality of digital contents is carried out by confirming the validity of a usage request according to a digital signature on an edit program by combining a secret-key cryptosystem and a public-key cryptosystem.

In U.S. patent application Ser. No. 08/573,958, now U.S. Pat. No. 5,740,246, and EP 719045, various forms have been proposed for applying the digital content management system to a database and a video-on-demand (VOD) systems or an electronic commerce.

In U.S. patent application Ser. No. 08/663,463, now U.S. Pat. No. 5,848,158, EP 746126, a system has been proposed, in which copyrights on an original digital content and a new digital content are protected by using a third crypt key and a copyright label in case of using and editing a plurality of digital contents.

As can be understood from the digital content management systems and the digital content management apparatus which have been proposed by the inventor of the present invention described above, the management of a digital content copyright can be realized by restricting encryption/decryption/re-encryption and the form of the usage. The cryptography technology and the usage restriction thereof can be realized by using a computer.

In order to use the computer efficiently, an operating system (OS) is used which supervises the overall operation of the computer. The conventional operating system (OS) used on a personal computer or the like is constituted of a kernel for handling basic services such as memory control, task control, interruption, and communication between processes and OS services for handling other services.

However, improvement in the functions of the OS which supervises the overall operation of computers is now being demanded where circumstances change on the computer side, such as improved capability of microprocessors, a decreased price of RAMs (Random Access Memory) used as a main memory, as well as improvement in the performance capability of computers is required by users, as a consequence, the scale of an OS has become comparatively larger than before.

Since such an enlarged OS occupies a large space itself in the hard disk stored OS, the space for storing the application programs or data needed by the user is liable to be insufficient, with the result in which the usage convenience in the computer becomes unfavorable.

In order to cope with such a situation, in the latest OS, an environmental sub-system for performing emulation of other OS and graphics displaying, and a core sub-system such as a security sub-system are removed from the kernel, as a sub-system that is a part that depends on the user. The basic parts such as a HAL (hardware abstraction layer) for absorbing differences in hardware, a scheduling function, an interruption function, and an I/O control function is a micro-kernel, and a system service API (Application Programming Interface) is interposed between the sub-system and the micro-kernel, thereby constituting the OS.

By doing so, extension of the OS by change or addition of functions will be improved, and portability of the OS can be facilitated corresponding to the applications. By a distributed arrangement for elements of the micro-kernel to a plurality of network computers, the distributed OS can also be realized without difficulty.

Computers are used in computer peripheral units, various control units, and communication devices in addition to the personal computers represented by the desktop type or notebook type computers. In such a case, as an OS unique for embedding, applicable to each of the devices, a real time OS is adopted in which execution speed is emphasized, unlike in a general-purpose personal computer OS, in which the man-machine interface is emphasized.

Naturally, the development cost for a respective OS unique to each device embedded will be high. There has recently been proposed, therefore, that a general-purpose OS for personal computers as a real-time OS for embedding is used instead. By arranging a specified program for embedding in a sub-system combined with the micro-kernel, a real-time OS for embedding can be obtained for embedding.

As the major functions of an OS, there is a task control, such as scheduling, interruption processing, and the like. With respect to task control, there are two kinds of OS's; the single-task type, in which only one task is executed at the same time, and the multi-task type, in which a plurality of task processes are executed at the same time. The multi-task type is further classified into two kinds; one multi-task type, changing of tasks depends on the task to be executed, and the other multi-task type, the changing does not depend on the task to be executed.

In the aforementioned types, the single-task type assigns one process to a CPU (Central Processing Unit) and the CPU is not released until the process comes to an end, and a non-preemptive multi-task type performs time-division for the CPU, and the CPU can be assigned to a plurality of processes. As long as the process which is being executed does not give control back to the OS, other processes are not executed. And a preemptive multi-task type interrupts the process which is being executed during a certain time interval and thereby forcibly moves the control to another process. Consequently, real time multi-task can be available only in the case of the preemptive type.

Task control in a computer is performed according to processes being units having system resources such as a memory and a file. Process control is performed according to a thread, being a unit in which CPU time is assigned, in which the process is minutely divided. Incidentally, in this case, the system resources are shared in all the threads in the same process. More than one thread, therefore, may exist which share the system resources in one process.

Each task which is processed by the multi-task type has a priority spectrum, which is generally divided into 32 classes. In such a case, a normal task without interruption is classified into dynamic classes which are divided into 0 to 15 classes, while a task performing interruption is classified into realtime classes divided into 16 to 31 classes.

Interruption processing is carried out using interruption enabling time (generally, 10 milliseconds) referred to as a time slice, as one unit. A normal interruption is carried out during a time slice of 10 milliseconds. In such a situation, a time slice has recently been proposed wherein the interruption enabling time is set to 100 microseconds. When such a real time slice is used, an interruption can be carried out with greater priority than the conventional 10 milliseconds.

SUMMARY OF THE INVENTION

In the present application, there is proposed a digital content management apparatus which further embodies a digital content management apparatus which can be used with the user terminal proposed in EP 704785, for managing a digital content, specifically, a copyright of the digital content claiming the copyright. And also there is proposed a system to which the idea applied to the digital content management apparatus is further applied to secrecy protection of the digital content.

In the present application, a system for watching the illegitimate usage of the digital content and an apparatus therefor are proposed. These system and apparatus are a real time operating system using a micro-kernel, and are incorporated in the digital content management apparatus as an interruption process having a high priority, or are arranged in a network system using the digital content. It is watched whether an illegitimate usage or not, by interrupting into the use process when a user utilizes the digital content. In the case where illegitimate usage is performed, a warning or a stop for the usage is given.

Furthermore, in the present application, decryption/re-encryption functions in the digital content management apparatus having the decryption/re-encryption functions are not restricted within the user apparatus but are provided in a gateway or a node between the networks, so that the exchange of secret information is secured between different networks.

By using the apparatus according to the present invention, for the conversion of crypt algorithm, information exchange can be made possible between systems which adopt different crypt algorithms.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a structural view of a digital content management system to which the present invention is applied.

FIG. 2 is a structural view of a digital content management apparatus to which the present invention is applied.

FIG. 3 is a structural view of another digital content management apparatus to which the present invention is applied.

FIG. 4 is a structural view of a system for watching the digital content usage according to the present invention.

FIG. 5 is a structural view of a system for protecting digital content secrecy according to the present invention.

DETAILED DESCRIPTION OF THE INVENTION

The present invention is a copyright management system and an apparatus for digital content. In the following description, numerous specific details are set forth to provide a more thorough description of the present invention. It will be apparent, however, to one skilled in the art, that the present invention may be practiced without these specific details. In other instances, well known features have not been described in detail so as not to obscure the present invention.

The description of the preferred embodiments according to the present invention is given below referring to the accompanied drawings.

FIG. 1 shows a structure of the digital content management system to which the present application applies.

In this digital content management system illustrated in FIG. 1, reference numerals 1, 2 and 3 represent databases stored text data, binary data of a computer graphics screen or a computer program and digital content of sound or picture data, which are not encrypted. 9 represents a communication network constituted of using a public telephone line offered by a communication enterprise or a CATV line offered by a cable television enterprise, 4 represents a primary user terminal, 5 represents a secondary user terminal, 6 represents a tertiary user terminal, and 7 represents an n-order user terminal, and 8 represents a digital content management center.

On the above arrangement, the databases 1, 2, 3, the digital content management center 8, primary user terminal 4, secondary user terminal 5, tertiary user terminal 6, and n-order user terminal 7 are connected to the communication network 9.

In this figure, a path shown by a broken line represents a path for transferring encrypted digital content, a path shown by a solid line represents a path for transferring requests from each of the user terminals 4, 5, 6, 7 to the digital content management center 8, a path shown by a one-dot chain line represents a path through which a permit key corresponding to a usage request, a digital content management program and a crypt key are transferred from each of the databases 1, 2, 3, and the digital content management center 8 to each of the user terminals 4, 5, 6, 7.

This digital content management system employs a first public-key Kb1, a first private-key Kv1 corresponding to the first public-key Kb1, a second public-key Kb2, and a second private-key Kv2 corresponding to the second public-key Kb2 that are prepared by the user, and a first secret-key Ks1 and a second secret-key Ks2 prepared by the database. The database encrypts digital content M by using the first secret-key Ks1:

Cmks1 = E(Ks1, M),

and further encrypts the first secret-key Ks1 by the first public-key Kb1:

Cks1kb1 = E(Kb1, Ks1)

and the second secret-key Ks2 by the second public-key Kb2:

Cks2kb2 = E(Kb2, Ks2).

The database then transfers these encrypted digital content Cmks1, the first and the second secret-keys Cks1kb1 and Cks2kb2 to the user.

The user decrypts the encrypted first secret-key Cks1kb1 using the first private-key Kv1:

Ks1 = D(Kv1, Cks1kb1),

and decrypts the encrypted digital content Cmks1 by the decrypted first secret-key Ks1:

M = D(Ks1, Cmks1)

and uses it. The user decrypts encrypted second secret-key Cks2kb2 by the second private-key Kv2:

Ks2 = D(Kv2, Cks2kb2),

which is subsequently used as a crypt key for storing, copying, or transferring digital content.
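
The key flow above (Cmks1, Cks1kb1, Cks2kb2), written out as an added Go example that is not part of the patent text. The patent names no algorithms, so AES-256-GCM for the secret-key cipher and RSA-OAEP for the public-key cipher are assumptions, as are all function and type names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Bundle is what the database transfers to the user.
type Bundle struct {
	Cmks1   []byte // Cmks1 = E(Ks1, M)
	Cks1kb1 []byte // Cks1kb1 = E(Kb1, Ks1)
	Cks2kb2 []byte // Cks2kb2 = E(Kb2, Ks2)
}

// secretKeyOp computes E(Ks, in) when encrypt is true and D(Ks, in) otherwise.
// Assumption: AES-256-GCM with a random nonce prepended to the ciphertext.
func secretKeyOp(ks, in []byte, encrypt bool) ([]byte, error) {
	block, err := aes.NewCipher(ks)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if encrypt {
		nonce := make([]byte, n)
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		return gcm.Seal(nonce, nonce, in, nil), nil
	}
	if len(in) < n {
		return nil, fmt.Errorf("ciphertext shorter than %d-byte nonce", n)
	}
	return gcm.Open(nil, in[:n], in[n:], nil) // errors on a wrong key or altered data
}

// DatabaseSupply is the database side: it prepares Ks1 and Ks2 and builds the bundle.
func DatabaseSupply(m []byte, kb1, kb2 *rsa.PublicKey) (*Bundle, error) {
	keys := make([]byte, 64)
	if _, err := rand.Read(keys); err != nil {
		return nil, err
	}
	ks1, ks2 := keys[:32], keys[32:]
	cm, err := secretKeyOp(ks1, m, true)
	if err != nil {
		return nil, err
	}
	c1, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, kb1, ks1, nil)
	if err != nil {
		return nil, err
	}
	c2, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, kb2, ks2, nil)
	if err != nil {
		return nil, err
	}
	return &Bundle{Cmks1: cm, Cks1kb1: c1, Cks2kb2: c2}, nil
}

// withKey recovers Ks = D(Kv, wrapped) and applies it to data.
func withKey(kv *rsa.PrivateKey, wrapped, data []byte, encrypt bool) ([]byte, error) {
	ks, err := rsa.DecryptOAEP(sha256.New(), nil, kv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	return secretKeyOp(ks, data, encrypt)
}

// User side: UserUse is M = D(Ks1, Cmks1); UserStore and UserLoad use Ks2 for the stored copy.
func UserUse(b *Bundle, kv1 *rsa.PrivateKey) ([]byte, error) { return withKey(kv1, b.Cks1kb1, b.Cmks1, false) }
func UserStore(b *Bundle, kv2 *rsa.PrivateKey, m []byte) ([]byte, error) { return withKey(kv2, b.Cks2kb2, m, true) }
func UserLoad(b *Bundle, kv2 *rsa.PrivateKey, c []byte) ([]byte, error) { return withKey(kv2, b.Cks2kb2, c, false) }

// NewUserKeys prepares the user's two key pairs (Kb1/Kv1 and Kb2/Kv2).
func NewUserKeys() (kv1, kv2 *rsa.PrivateKey, err error) {
	if kv1, err = rsa.GenerateKey(rand.Reader, 2048); err == nil {
		kv2, err = rsa.GenerateKey(rand.Reader, 2048)
	}
	return kv1, kv2, err
}

func main() {
	kv1, kv2, err := NewUserKeys()
	if err != nil {
		panic(err)
	}
	b, err := DatabaseSupply([]byte("constructed sample content M"), &kv1.PublicKey, &kv2.PublicKey)
	if err != nil {
		panic(err)
	}
	m, err := UserUse(b, kv1)
	fmt.Printf("M = %q, err = %v\n", m, err)
}
```

Because the stored copy is sealed under Ks2, the private key Kv1 that opens the delivered content cannot open it, and an authenticated cipher makes any alteration of Cmks1 fail at decryption instead of yielding corrupted content.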

If the primary user 4 copies digital content obtained and then supplies it to the secondary user 5, the digital content does not involve the copyright of the primary user 4 because no modifications have been made to the digital content. If, however, the primary user 4 produces new digital content based on the digital content obtained or using a means for combining with other digital content, the new digital content involves a secondary copyright for the primary user 4, and the primary user 4 has the original copyright for this secondary work.

Similarly, if the secondary user 5 produces further new digital content based on the digital content obtained from the primary user 4 or combining with other digital content, the new digital content involves a secondary copyright for the secondary user 5, and the secondary user 5 has the original copyright of this secondary work.

Databases 1, 2, and 3 store text data, binary data constituting computer graphics screens or programs and digital content such as digital audio data and digital picture data, which are encrypted and supplied to the primary user terminal 4 via network 9 during a digital content read operation in response to a request from the primary user terminal 4.

Managing the digital content obtained from the database is carried out by the method described in Japanese Patent Laid-open No. 185448/1996 or in Japanese Patent Laid-Open No. 287014/1996, which have been proposed by the present inventor.

Recently, a PCI (Peripheral Component Interconnect) bus has attracted attention as means for implementing a multiprocessor configuration in a typical personal computer. The PCI bus is a bus for external connection connected to a system bus of a personal computer via a PCI bridge, and allows to implement a multiprocessor configuration.

The digital content includes graphics data, computer programs, digital audio data, still picture data by JPEG and also moving picture data by MPEG 1 or MPEG 2, in addition to character data. In case that the digital content to be managed is moving picture data by JPEG still picture system or moving picture data by MPEG 1 or MPEG 2, as having remarkably large amount of data with high speed, managing the digital content by a single processor is difficult.

FIG. 2 is a block diagram illustrating an arrangement of a digital content management apparatus used for managing the digital content of the above in the digital content management system shown in FIG. 1.

The digital content management apparatus comprises a first digital content management apparatus 12 connected to a user terminal 11 and a second digital content management apparatus 13.

The first digital content management apparatus 12 has a computer configuration having a MPU (MicroProcessor Unit) 24, a local bus 25 of MPU 24, ROM (Read-Only Memory) 26 connected to the local bus 25, RAM 27 and EEPROM (Electrically Erasable Programmable Read-Only Memory) 31.

A PCI bus 23 is connected to a system bus 15 for a microprocessor 14 via a PCI bridge 22 and the local bus 25 for the MPU 24 of the digital content management apparatus 12 is connected to the PCI bus 23, and also a local bus 30 for MPU 29 of the digital content management apparatus 13. Also connected to the system bus 15 of the user terminal 11 are a communications device (COMM) 21 which receives digital content from external databases and transfers digital content to the external of the terminal, a CD-ROM drive (CDRD) 20 which reads digital content supplied on CD-ROM, a flexible disk drive (FDD) 19 which copies received or edited digital content in a flexible disk to supply to the external of terminal, and hard disk drive (HDD) 18 used for storing digital content. COMM 21, CDRD 20, FDD 19, and HDD 18 may also be connected to the PCI bus 23. While ROM, RAM etc., of course, are connected to the system bus 15 of the user terminal, these are not shown in FIG. 2.

The decryption and re-encryption operations are performed by either of the MPU 24 of the first digital content management apparatus 12 and the MPU 29 of the second digital content management apparatus 13, i.e., one performs decryption and the other performs re-encryption at the same time. Since the configuration of the MPU 24 and MPU 29 in FIG. 2 is a multiprocessor configuration which performs parallel processing with a PCI bus 23, high processing speed can be achieved.

In the digital content management apparatus shown in FIG. 2, the storage medium, such as HDD 18, for storing re-encrypted digital content is connected to the system bus 15 of the user terminal 11. In order to store re-encrypted digital content, therefore, the encrypted digital content must be transferred by way of the system bus 15 of the user terminal 11 and the local bus 25 or 30 of the digital content management apparatus 12 or 13, and consequently, processing speed can be slowed.

In the digital content management apparatus shown in FIG. 3, a communications device COMM and a CD-ROM drive CDRD are connected to a local bus of a digital content management apparatus for decryption, and a storage device such as HDD for storing re-encrypted digital content is connected to the local bus of a digital content management apparatus for re-encryption.

The digital content management apparatus 35 for decryption has the computer system configuration having a MPU 37, a local bus 38 for the MPU 37, and ROM 39, RAM 40 and EEPROM 41 connected to the local bus 38, and a communication device COM 42 and a CD-ROM drive CDRD 43 are connected to the local bus 38. The encrypted digital content supplied from the communication device COM 42 and the CD-ROM drive CDRD 43 are decrypted in this apparatus.

The digital content management apparatus 36 for re-encryption has the computer system configuration having a MPU 44, a local bus 45 for the MPU 44, and ROM 46, RAM 47 and EEPROM 48 connected to the local bus 45, and HDD 49 is connected to the local bus 45. The digital content which has been re-encrypted in the digital content management apparatus 36 for re-encryption is stored in HDD 49.

In the protection of a digital content copyright, the greatest issue is how to prevent illegitimate usage of the digital content on the user side apparatus. Decryption/re-encryption and restriction on usage are carried out by a digital content management program for this purpose.

However, since decryption/re-encryption of the digital content whose copyright is to be protected is performed using an apparatus on the user side, it is virtually impossible to expect that processing of the decryption/re-encryption and the management of the crypt key which is used for the purpose will be complete. There is a possibility that the digital content will be illegitimately stored, copied, transmitted and edited by invalidating the digital content management program.

In order to restrict such illegitimate usage, it is required that a digital content management program for decryption/re-encryption of the digital content, and for managing the crypt key cannot be altered by the user. For this purpose, incorporation of the digital content management program into the hardware is the most secure method.

For example, there is a configuration in which a dedicated scramble decoder is currently used for descrambling scrambled broadcast programs in analog television broadcast, so that decryption/re-encryption of the digital content and management of the crypt key are available only by using a dedicated digital content management apparatus.

Although such a configuration is reliable, the system structure is lacking in flexibility. When the apparatus on the user side is changed, or the digital content management program is changed, it is very hard for the user to respond to such changes. In case of a network computer on which has been recently focused, since the network computer does not have a function for storing the digital content management program, it would be impossible to realize the digital content management program in the hardware.

In order to correspond with flexibility to a case where the apparatus on the user side changes, or a case where the digital content management program is changed, it is desirable for the digital content management program to be software. However, there is a possibility that the digital content management program is altered as long as the digital content management program is an application program.

For the digital content management program being software, the digital content management program is required to be incorporated in a kernel that is a fixed area and cannot be altered by the user. However, it is not practical for the digital content management program to be incorporated in the fixed area of a kernel, where the digital content management system and the cryptosystem are differentiated between the databases.

As described above, some real time OS can perform interruption in real time slice time which is one or two figures faster than the time slice of the system in another OS that includes kernel area. By using this technology, the usage status of the digital content which is claiming the copyright, is watched without affecting the overall operation. And if an illegitimate usage is found, it is possible to give a warning or to forcibly stop the usage thereof.

Next, a method for reinforcing a digital content management program by using a real time OS is described.

The digital content management apparatus shown in FIG. 2 has a multi-processor structure in which a first digital content management apparatus 12 and a second digital content management apparatus 13 are connected to an apparatus on the user side via a PCI bus. The decryption and re-encryption operations of the first digital content management apparatus 12 and the second digital content management apparatus 13 are controlled by the digital content management program in the user terminal 11.

The digital content management program of the user terminal 11 also manages the operation of the communication device 21, the CD-ROM drive 20, the flexible disk drive 19 and the hard disk drive 18, which manage loading or downloading of encrypted digital content, and storing into the hard disk drive 18, copying to the flexible disk drive 19 and uploading to the communication device 21 of re-encrypted digital content.

Since illegitimate usage of the digital content is carried out by unauthorized editing, unauthorized storing, unauthorized copying or unauthorized uploading of the decrypted digital content, whether the illegitimate usage has been carried out or not, can be detected by whether editing, storing, copying or uploading of the decrypted digital content is performed or not. As a consequence, the process for watching the illegitimate usage interrupts a digital content use process which is being executed in a certain time interval, while interrupting by a preemptive type multi-task which forcibly carries out watching of the process.

The multi-task time slice normally carried out is 10 milliseconds, and the decryption/re-encryption process is carried out in this time unit. On the other hand, the fastest real time slice is 100 microseconds, which is 1/100 of the normal time unit. Consequently, the watching task, which has high interruption priority, can watch the digital content as to whether the decrypted digital content is being edited, stored, copied or uploaded, so that the usage status of the digital content for which the copyright is claimed can be watched without affecting regular usage by the user, and a warning can be given and usage thereof can be forcibly stopped.

The digital content management program with such a watching function is incorporated into a sub-system area which is operated in the user mode in place of the kernel of the OS, and the watch process is regarded as a process with a high priority. By constituting the system in this way, the usage status of the digital content by decryption/re-encryption and also the illegitimate usage other than the permitted usage can be watched at the same time, and such watching can be executed smoothly.

The digital content management apparatus shown in FIG. 3 has a multi-processor structure in which a first digital content management apparatus 35 and a second digital content management apparatus 36 are connected to an apparatus on the user side via a PCI bus. The decryption and re-encryption operations of the first digital content management apparatus 35 and the second digital content management apparatus 36 are controlled by the digital content management program in the user terminal 34.

The digital content management program of the user terminal 34 also manages the operation of the communication device 42, the CD-ROM drive 43, the flexible disk drive 19 and the hard disk drive 39, which manage loading or downloading of encrypted digital content, and storing into the hard disk drive 39, copying to the flexible disk drive 19 and uploading to the communication device 42 of re-encrypted digital content.

Since illegitimate usage of the digital content is carried out by unauthorized editing, unauthorized storing, unauthorized copying or unauthorized uploading of the decrypted digital content, whether or not the illegitimate usage has been carried out can be detected by checking whether editing, storing, copying or uploading of the decrypted digital content is performed or not. As a consequence, the process for watching the illegitimate usage interrupts a digital content use process which is being executed in a certain time interval, while interrupting by a preemptive type multi-task which forcibly carries out watching of the process.

The multi-task time slice normally carried out is 10 milliseconds, and the decryption/re-encryption process is carried out in this time unit. On the other hand, the fastest real time slice is 100 μs, which is 1/100 of the normal time unit. Consequently, the watching task, which has high interruption priority, can watch the digital content as to whether the decrypted digital content is being edited, stored, copied or uploaded, so that the usage status of the digital content for which the copyright is claimed can be watched without affecting regular usage by the user, and if illegitimate usage is found, a warning can be given and usage thereof can be forcibly stopped.

The digital content management program with such a watching function is incorporated into a sub-system area which is operated in the user mode in place of the kernel of the OS, and the watching process is regarded as a process with a high priority. By constituting the system in this way, the usage status of the digital content by decryption/re-encryption and also the illegitimate usage other than the permitted usage can be watched at the same time, and such watching can be executed smoothly.

Next, a structure for watching the illegitimate usage of the digital content in the distributed OS is described referring to FIG. 4. FIG. 4 illustrates a structure of a general distributed type OS, in which servers 51 to 54 and clients 55 to 58 are connected to a network 50.

The network 50 is a restricted network such as a LAN (Local Area Network) in an office. Each of the servers 51 to 54 stores basic OS elements of the micro-kernel, application elements which are a sub-system, or the digital content. In order to manage the digital content, the digital content management program which has been described so far is required. This digital content management program is stored, for example, in the server 54. The watch program for watching the illegitimate usage of the digital content, which has a high priority for interruption, is stored, for example, in the supervisory server 51 for supervising the overall operation of the distributed OS.

Although the terminal apparatus of the clients 55 to 58 is a simple terminal, the terminal is provided with a copying device such as a flexible drive or the like when necessary.

In such a structure, when the clients 55 to 58 use the digital content which is stored in the servers 51 to 54, the clients 55 to 58 are supplied with the micro-kernel, that is, the basic OS elements, from each of the servers, and are also supplied with the digital content management program which is stored in the server 54, and thus the digital content can be used.

The digital contents stored in the server are either encrypted or not encrypted. In either of these cases, the digital content is encrypted when supplied to the clients. Therefore, in order for the client to use the encrypted digital content, it is necessary to obtain the crypt key and to decrypt the content by the digital content management program as has been described above.

The fact that the client uses the digital content and the digital content management program is grasped by the supervisory server 51. This watch process automatically interrupts the process which is being executed by the client at regular intervals without the client's request, watches it, and gives a warning or stops the usage if an illegitimate usage is detected.

Since such a watch process can be completed with a process of small size, it has little effect on operation on the client side, and the user does not notice the operation of the watch program.

In the distributed OS, the servers and the clients have been explained as separated. However, the aforementioned structure may be applied when a client machine is provided with a hard disk drive, and the client machine also serves as the server machine. When the network 50 is not a restricted one such as a LAN in an office, but a non-restricted one such as the Internet system, the aforementioned structure can also be applied.

In particular, such a structure is effective in a network computer system. Even in the case where the user modifies a computer not provided with a storage device, a copying device or a communication device for transmission, or uses a normal computer pretending to be of a network computer system, the digital content can be managed by remote control.

Furthermore, the structure can be applied to the digital content management system shown in FIG. 1. In such a case, the watch program is stored in the digital content management center 8 of FIG. 1 to regularly watch whether users illegitimately use the encrypted digital content supplied from the database through the network 9 by remote control.

In the case where the digital content is broadcast via analog data broadcast or via digital data broadcast, the watch program may be transferred by inserting it into the digital content. Also, the watch program may be resident in an apparatus of the digital content user so that the remote control is made possible by periodically broadcasting a watch program control signal.

In the case where digital content having a large amount of information, such as digital picture content, is handled in the digital content management system which is carried out via the network, an ISDN (Integrated System for Digital Network) line is used in many cases as a communication line.

As the ISDN line, there are generally used two data channels having a data transmission speed of 64 Kbps (Kilo bits per second) referred to as B channels, and a control channel having a data transmission speed of 16 Kbps referred to as D channel. Naturally, the digital content is transmitted through one or two data channels, while the D channel is not used in many cases.

Thus, if the D channel is used for the interruption watching by the watch program, it would be possible to watch the usage status by remote control without affecting the usage of the digital content at all.

When the user uses information to which a copyright is claimed, the real time OS is automatically linked to the digital content management center, so that, as a result, it is also possible to watch and manage the re-encryption mechanism with a real time OS.

Further, in the case where a digital content creator or an end user uses information to which a copyright is claimed, a re-encryption program resident in the PC uses the real time OS so that remote watching and management can be made possible.

Next, application of the digital content management system to the prevention of the leakage of information is described. FIG. 5 illustrates a structure of the system for preventing the leakage of information by applying the system to an intranet system in which a LAN is connected to the Internet system.

In FIG. 5, reference numerals 60, 61, and 62 represent the network systems which are connected to each other by a public line 63. In particular, the network system 62 is a LAN system established in an office or the like. These network systems are connected with each other via a public communication line or the like to constitute an Internet system as a whole. Clients 64, 64, 64 are connected to the LAN system 62, and servers not shown in the figure are connected in addition.

The LAN system has secret data such as business secrets and the like therein. Since the LAN system is connected to the outside network, the problems of the leakage of the secret information to the outside, or of the access to the secret information from the outside, may arise. As a consequence, an information partition, called a “fire-wall,” is normally provided between the LAN system and the public line, but that is not technologically perfect. Also, even in the case of the business secret data, it may be necessary to supply the business secret data to another party, where the other party's network has a common interest, and in such a case, the presence of the fire-wall becomes an obstacle.

As has been described repeatedly, the management of the secret data can be completely carried out through encryption. In the case where the crypt algorithm used in the other party's network is common with the algorithm used in one's own network, the secret data can be shared by sending the crypt key to the other party by some means. In the case where the crypt algorithm used in the other party's network is different from the algorithm which is used in one's own network, such means cannot be adopted.

In order to cope with such a problem, crypt key conversion devices 65, 66 and 67 are arranged in place of or together with the fire-wall in the Internet system shown in FIG. 5. These crypt key conversion devices 65, 66 and 67 have the same configuration as the digital content management apparatuses which have been described by using FIGS. 2 and 3, and perform decryption/re-encryption by two different crypt keys.

For example, the crypt key conversion device 65 decrypts encrypted data from the network 60, and re-encrypts the decrypted data by using the crypt key common to the whole Internet system. The crypt key conversion device 67 which has received the re-encrypted data decrypts the re-encrypted data by using the crypt key common to the whole Internet system, and re-encrypts the decrypted data and supplies it to the client 64. By doing this, the problem of sending the crypt key is alleviated.

These crypt key conversion devices 65, 66 and 67 can be arranged in a gateway or a node which is used as a connection between networks. Further, even in a closed network system other than the Internet, which is a liberated system, this system functions efficiently in such cases where individual information such as reliability information, medical information or the like is handled, and where access to the data needs to differ by level.

These crypt key conversion devices can also be used to convert the crypt algorithm. There are a plurality of crypt algorithms which are currently used or proposed. In the worst case, a plurality of networks each using a different crypt algorithm coexist, and thus compatibility is lost, which becomes an obstacle to the development of the information oriented society. Even if a new effective crypt algorithm is developed, if it is not compatible with the existing crypt algorithms, it may similarly become an obstacle to the development of the information oriented society.

In order to cope with such problems, the crypt algorithm can be converted by arranging the crypt key conversion devices 65, 66 and 67 of FIG. 5 in the gateway on the network. These crypt algorithm conversion devices decrypt the encrypted data to be re-encrypted with a different crypt algorithm.

For example, the crypt algorithm conversion device 65 decrypts the data which is encrypted by a crypt algorithm unique to the network 60 and re-encrypts the decrypted data by a crypt algorithm which is common in the whole Internet system. The crypt algorithm conversion device 67 that has received the re-encrypted data decrypts the re-encrypted data, encrypts the decrypted data by the crypt algorithm unique to the network 62, and supplies it to the client 64.

By doing so, it becomes possible to handle the encrypted data between networks that adopt different crypt algorithms. Here, there may be two cases: one is a case in which the crypt key is not changed at all, and the other is a case in which the crypt key is changed at each stage.
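The conversion path described above (device 65 at the edge of network 60, a common algorithm and key on the backbone, device 67 in front of client 64) can be sketched as follows, for the case in which the crypt key is changed at each stage. This is an added illustration, not code from the patent: `ToyCipher`, `ConversionDevice` and `relay` are hypothetical names, and the hash-counter keystream with an HMAC tag is a constructed stand-in for each network's crypt algorithm, not a production cipher.

```python
import hashlib
import hmac
import os

class ToyCipher:
    """Constructed stand-in for one network's 'crypt algorithm':
    hash-counter keystream plus HMAC tag (encrypt-then-MAC)."""

    def __init__(self, hash_name):
        self.h = hash_name
        self.tag_len = hashlib.new(hash_name).digest_size

    def _subkeys(self, key):
        # Separate keys for the keystream and for the integrity tag.
        return (hmac.new(key, b"enc", self.h).digest(),
                hmac.new(key, b"mac", self.h).digest())

    def _xor_stream(self, enc_key, nonce, data):
        stream = b""
        counter = 0
        while len(stream) < len(data):
            block = enc_key + nonce + counter.to_bytes(8, "big")
            stream += hashlib.new(self.h, block).digest()
            counter += 1
        return bytes(a ^ b for a, b in zip(data, stream))

    def encrypt(self, key, plaintext):
        enc_key, mac_key = self._subkeys(key)
        nonce = os.urandom(16)
        body = self._xor_stream(enc_key, nonce, plaintext)
        return nonce + body + hmac.new(mac_key, nonce + body, self.h).digest()

    def decrypt(self, key, blob):
        enc_key, mac_key = self._subkeys(key)
        nonce, body, tag = blob[:16], blob[16:-self.tag_len], blob[-self.tag_len:]
        expected = hmac.new(mac_key, nonce + body, self.h).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed; refusing to convert")
        return self._xor_stream(enc_key, nonce, body)

class ConversionDevice:
    """Gateway device: decrypt under the inbound algorithm and key,
    re-encrypt under the outbound algorithm and key."""

    def __init__(self, in_alg, in_key, out_alg, out_key):
        self.in_alg, self.in_key = in_alg, in_key
        self.out_alg, self.out_key = out_alg, out_key

    def convert(self, blob):
        plaintext = self.in_alg.decrypt(self.in_key, blob)  # cleartext exists only here
        return self.out_alg.encrypt(self.out_key, plaintext)

def relay(message):
    """Network 60 -> device 65 -> common backbone -> device 67 -> client 64."""
    alg60, common, alg62 = ToyCipher("sha256"), ToyCipher("sha512"), ToyCipher("sha384")
    k60, k_common, k62 = os.urandom(32), os.urandom(32), os.urandom(32)
    dev65 = ConversionDevice(alg60, k60, common, k_common)
    dev67 = ConversionDevice(common, k_common, alg62, k62)
    on_backbone = dev65.convert(alg60.encrypt(k60, message))
    delivered = alg62.decrypt(k62, dev67.convert(on_backbone))
    return delivered, on_backbone, dev67
```

The cleartext exists inside `convert` on each device, so the conversion device has to be protected as strictly as the endpoints. The tag check makes a device reject data altered on the backbone instead of re-encrypting it.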

In using databases, in a case where a data storing server referred to as “proxy server” or “cache server” is used, and where the digital content is encrypted, the crypt key or crypt algorithm used between a data server and the proxy server may be differentiated from the crypt key or crypt algorithm used between the proxy server and a user, and then, the conversion of them is carried out by using the crypt key conversion device or crypt algorithm conversion device, so that the encrypted digital content can be prevented from illegitimate usage thereof.

The conversion of the crypt algorithm by these devices can be effected by units of countries. Even in the case where crypt algorithms are used which differ from one country to another, it becomes possible to adopt a key escrow system unique to the respective country, or a key recovery system using the key escrow system.

It is understood that particular embodiments described herein are illustrative and the present invention is not limited to these particular embodiments. It will be apparent to those skilled in the art that changes can be made in the various details described herein without departing from the scope of the invention. The present invention is defined by the claims and their full scope of equivalents.

I claim:
 1. A digital content management system which uses digital contents, said system having: a server in which a watch program which watches illegitimate usage of the digital content is stored, said watch program having a high interruption priority, and being constituted as a real time operating system using a micro-kernel, in a network.
 2. A digital content management apparatus used with a user terminal which uses a digital content, said digital content management apparatus comprising a microprocessor, a microprocessor bus, a read-only semiconductor memory, an electrically erasable and programmable read-only memory, and a read/write memory, wherein: said microprocessor, said read-only semiconductor memory, said electrically erasable and programmable read-only memory and said read/write memory are connected to said microprocessor bus, and a system bus of said user terminal is capable of being connected to said microprocessor bus; a crypt algorithm and a watch program watching illegitimate usage of the digital content, are components of an operating system stored in said read-only semiconductor memory, said watching program having a high interruption priority; and a user's first public-key, a user's first private-key, a user's second public-key, a user's second private-key, a digital content management program, a database's first secret-key, a database's second secret-key and copyright information are stored in said electrically erasable and programmable read-only memory.
 3. The digital content management apparatus according to claim 2 is configured on an IC chip.
 4. The digital content management apparatus according to claim 2 is configured in an IC card.
 5. The digital content management apparatus according to claim 2 is configured in a PC card.
 6. The digital content management apparatus according to claim 2 is configured in an inserted board.
 7. A digital content management apparatus which protects the secrets of a digital content in a network, said digital content management apparatus comprising a microprocessor, a microprocessor bus, a read-only semiconductor memory, an electrically erasable and programmable read-only memory and a read/write memory, wherein: said microprocessor, said read-only semiconductor memory, said electrically erasable and programmable read-only memory and said read/write memory are connected to said microprocessor bus, and a system bus of said user terminal is capable of being connected; a crypt algorithm and a watch program watching illegitimate usage of the digital content, are components of an operating system stored in said read-only semiconductor memory, said watching program having a high interruption priority; and a user's first public-key, a user's first private-key, a user's second public-key, a user's second private-key, a digital content management program, a database's first secret-key, a database's second secret-key and copyright information are stored in said electrically erasable and programmable read-only memory.
 8. The digital content management apparatus according to claim 7 is configured on an IC chip.
 9. The digital contents management apparatus according to claim 7 is configured in an IC card.
 10. The digital contents management apparatus according to claim 7 is configured in a PC card.
 11. The digital contents management apparatus according to claim 7 is configured in an inserted board.